tools/target_bsf_fuzzer: use av_packet_alloc() to allocate packets

Signed-off-by: James Almer <jamrial@gmail.com>
4 years ago · 36d4e4c9b5
parent 64f092eb5e
commit 36d4e4c9b5
1 changed files with 18 additions and 15 deletions
--- a/tools/target_bsf_fuzzer.c
+++ b/tools/target_bsf_fuzzer.c
@ -42,7 +42,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    const uint8_t *last = data;
    const uint8_t *end = data + size;
    AVBSFContext *bsf = NULL;
-    AVPacket in, out;
+    AVPacket *in, *out;
    uint64_t keyframes = 0;
    uint64_t flushpattern = -1;
    int res;
@ -119,10 +119,11 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
        return 0; // Failure of av_bsf_init() does not imply that a issue was found
    }

-    av_init_packet(&in);
-    av_init_packet(&out);
-    out.data = NULL;
-    out.size = 0;
+    in = av_packet_alloc();
+    out = av_packet_alloc();
+    if (!in || !out)
+        error("Failed memory allocation");
+
    while (data < end) {
        // Search for the TAG
        while (data + sizeof(fuzz_tag) < end) {
@ -133,11 +134,11 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
        if (data + sizeof(fuzz_tag) > end)
            data = end;

-        res = av_new_packet(&in, data - last);
+        res = av_new_packet(in, data - last);
        if (res < 0)
            error("Failed memory allocation");
-        memcpy(in.data, last, data - last);
-        in.flags = (keyframes & 1) * AV_PKT_FLAG_DISCARD + (!!(keyframes & 2)) * AV_PKT_FLAG_KEY;
+        memcpy(in->data, last, data - last);
+        in->flags = (keyframes & 1) * AV_PKT_FLAG_DISCARD + (!!(keyframes & 2)) * AV_PKT_FLAG_KEY;
        keyframes = (keyframes >> 2) + (keyframes<<62);
        data += sizeof(fuzz_tag);
        last = data;
@ -146,26 +147,28 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
            av_bsf_flush(bsf);
        flushpattern = (flushpattern >> 3) + (flushpattern << 61);

-        while (in.size) {
-            res = av_bsf_send_packet(bsf, &in);
+        while (in->size) {
+            res = av_bsf_send_packet(bsf, in);
            if (res < 0 && res != AVERROR(EAGAIN))
                break;
-            res = av_bsf_receive_packet(bsf, &out);
+            res = av_bsf_receive_packet(bsf, out);
            if (res < 0)
                break;
-            av_packet_unref(&out);
+            av_packet_unref(out);
        }
-        av_packet_unref(&in);
+        av_packet_unref(in);
    }

    res = av_bsf_send_packet(bsf, NULL);
    while (!res) {
-        res = av_bsf_receive_packet(bsf, &out);
+        res = av_bsf_receive_packet(bsf, out);
        if (res < 0)
            break;
-        av_packet_unref(&out);
+        av_packet_unref(out);
    }

+    av_packet_free(&in);
+    av_packet_free(&out);
    av_bsf_free(&bsf);
    return 0;
 }